[Security Solution][Detections] Endpoint Exceptions no longer restrict 'file.path.*' fields in field selector #95848

Closed
kevinlog opened this issue Mar 30, 2021 · 4 comments
Labels: bug, impact:high, Team:Detections and Resp, Team: SecuritySolution, v7.13.0


@kevinlog
Contributor

Kibana version:
7.13, 8.0

Elasticsearch version:
7.13, 8.0

Describe the bug:
In the exceptions workflow, when creating an Endpoint Exception, there's no longer a restriction on the file.path field. I can see options for file.path, file.path.caseless, and file.path.text. Before, there was a restriction on creating exceptions to only accept file.path.caseless.

Steps to reproduce:

  1. Go to the Detections tab and create an Endpoint Exception from an Alert
  2. See in the dropdown for field selection that file.path, file.path.caseless, and file.path.text are all available

Expected behavior:
Users should be restricted to selecting file.path.caseless.

Screenshots (if relevant):
image

Any additional context:
I noticed that we used to use this helper, which pulls in exceptionable fields based on type: 'endpoint': https://github.com/elastic/kibana/blob/master/x-pack/plugins/security_solution/public/common/components/exceptions/builder/helpers.tsx#L15

I think this is now being used, which doesn't use the exceptionable fields JSON: https://github.com/elastic/kibana/blob/master/x-pack/plugins/lists/public/exceptions/components/builder/helpers.ts#L165

@kevinlog added the bug, Team:Detections and Resp, and Team: SecuritySolution labels Mar 30, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@kevinlog
Contributor Author

I'm just basing this off of prior functionality. I know a lot of Detections code is being moved right now, so just let me know if this is still expected!

@yctercero self-assigned this Mar 30, 2021
@peluja1012 added the impact:high label Mar 31, 2021
@dplumlee
Contributor

Addressed by #95266, was a temp bug during the exceptions lift and shift.
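The restriction this report describes, as an added example that is not code from the issue or from Kibana: the selector offers only allowlisted fields for endpoint lists, and a second check flags entries saved while the selector was unrestricted. All names, the allowlist contents other than file.path.caseless, and the sample data are hypothetical.

```typescript
// Added illustration; names are hypothetical, not Kibana's helpers.
type ListType = 'endpoint' | 'detection';

interface FieldSpec { name: string; }
interface ExceptionEntry { itemId: string; field: string; }

// Constructed allowlist. Only file.path.caseless comes from the issue;
// file.hash.sha256 is a sample entry added for illustration.
const ENDPOINT_ALLOWLIST: Set<string> = new Set<string>([
  'file.path.caseless',
  'file.hash.sha256',
]);

// Constructed index fields, including the three variants named in the issue.
const SAMPLE_FIELDS: FieldSpec[] = [
  { name: 'file.path' },
  { name: 'file.path.caseless' },
  { name: 'file.path.text' },
  { name: 'file.hash.sha256' },
  { name: 'host.name' },
];

// Constructed saved entries, as if created while the selector was unrestricted.
const SAMPLE_ENTRIES: ExceptionEntry[] = [
  { itemId: 'item-1', field: 'file.path.caseless' },
  { itemId: 'item-2', field: 'file.path' },
  { itemId: 'item-3', field: 'file.path.text' },
];

// Fields the selector may offer. Endpoint lists match the allowlist by exact
// name, so a parent field or sibling multi-field never slips through.
function selectableFields(
  listType: ListType,
  fields: FieldSpec[],
  allowlist: Set<string> = ENDPOINT_ALLOWLIST
): FieldSpec[] {
  if (listType !== 'endpoint') return fields;
  return fields.filter((f) => allowlist.has(f.name));
}

// Audit pass: endpoint entries whose field is outside the allowlist.
function nonExceptionableEntries(
  listType: ListType,
  entries: ExceptionEntry[],
  allowlist: Set<string> = ENDPOINT_ALLOWLIST
): ExceptionEntry[] {
  if (listType !== 'endpoint') return [];
  return entries.filter((e) => !allowlist.has(e.field));
}
```

Running the audit function over exported exception items shows which ones were created on file.path or file.path.text while the selector was unrestricted.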
